aclmgmt.cpp

00001 /*++
00002 
00003 DCOM Permission Configuration Sample
00004 Copyright (c) 1996, Microsoft Corporation. All rights reserved.
00005 
00006 Module Name:
00007 
00008     aclmgmt.cpp
00009 
00010 Abstract:
00011 
00012     Routines to manage access control lists
00013 
00014 Author:
00015 
00016     Michael Nelson
00017 
00018 Environment:
00019 
00020     Windows NT
00021 
00022 --*/
00023 
00024 #include <windows.h>
00025 #include <stdio.h>
00026 #include <conio.h>
00027 #include <tchar.h>
00028 #include <malloc.h>
00029 #include "ntsecapi.h"
00030 #include "dcomperm.h"
00031 
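/*++

Routine Description:

    Appends a copy of every ACE in OldACL to the end of NewACL, keeping the
    original order.

Arguments:

    OldACL - ACL whose ACEs are read.
    NewACL - Initialized ACL that receives the copies. This routine does not
             grow it, so the caller must have sized it to hold them.

Return Value:

    ERROR_SUCCESS, or the GetLastError() value of the first call that failed.
    On failure NewACL may already contain some of the ACEs.

--*/
DWORD
CopyACL (
    PACL OldACL,
    PACL NewACL
    )
{
    ACL_SIZE_INFORMATION  aclSizeInfo;
    LPVOID                ace = NIL;
    ACE_HEADER            *aceHeader = NIL;
    ULONG                 i = 0;

    //
    // The query result must be checked: if it fails, aclSizeInfo is never
    // written and AceCount below would be an uninitialized loop bound.
    //

    if (!GetAclInformation (OldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (aclSizeInfo), AclSizeInformation))
        return GetLastError();

    //
    // Copy all of the ACEs to the new ACL
    //

    for (i = 0; i < aclSizeInfo.AceCount; i++)
    {
        //
        // Get the ACE and header info
        //

        if (!GetAce (OldACL, i, &ace))
            return GetLastError();

        aceHeader = (ACE_HEADER *) ace;

        //
        // Add the ACE to the new list. 0xffffffff as the starting index
        // appends at the end, which keeps the source ordering. The length
        // comes from the ACE's own header; ACL_REVISION is passed regardless
        // of the revision recorded in OldACL.
        //

        if (!AddAce (NewACL, ACL_REVISION, 0xffffffff, ace, aceHeader->AceSize))
            return GetLastError();
    }

    return ERROR_SUCCESS;
}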
00070 
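/*++

Routine Description:

    Builds a new ACL that starts with an access-denied ACE for Principal and
    is followed by a copy of every ACE from the existing ACL, then stores the
    new ACL in *Acl. Putting the deny ACE first means it is evaluated before
    any of the copied ACEs.

Arguments:

    Acl            - In: the existing ACL. Out: the newly allocated ACL.
                     Only written on success.
    PermissionMask - Access mask to deny.
    Principal      - Account name, resolved to a SID by GetPrincipalSID.

Return Value:

    ERROR_SUCCESS, or a Win32 error code. On failure *Acl is unchanged.

Notes:

    The new ACL is allocated with new BYTE[], so it has to be released with
    delete[]. The previous ACL is not released here.
    NOTE(review): who owns and frees the previous ACL is not visible in this
    file - confirm against the callers.

--*/
DWORD
AddAccessDeniedACEToACL (
    PACL *Acl,
    DWORD PermissionMask,
    LPTSTR Principal
    )
{
    ACL_SIZE_INFORMATION  aclSizeInfo;
    DWORD                 aclSize = 0;
    DWORD                 returnValue = ERROR_SUCCESS;
    PSID                  principalSID = NIL;
    PACL                  oldACL = NIL, newACL = NIL;

    oldACL = *Acl;

    returnValue = GetPrincipalSID (Principal, &principalSID);
    if (returnValue != ERROR_SUCCESS)
        return returnValue;

    //
    // A failed query leaves aclSizeInfo unwritten, and the allocation size
    // below is derived from it, so stop here rather than size from garbage.
    //

    if (!GetAclInformation (oldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation))
    {
        returnValue = GetLastError();
        goto Cleanup;
    }

    //
    // Room for the existing ACEs plus one deny ACE. sizeof (DWORD) is taken
    // off because ACCESS_DENIED_ACE already contains the first DWORD of the
    // SID (SidStart). The extra sizeof (ACL) is slack kept from the
    // original sizing.
    //

    aclSize = (DWORD) (aclSizeInfo.AclBytesInUse +
                       sizeof (ACL) + sizeof (ACCESS_DENIED_ACE) +
                       GetLengthSid (principalSID) - sizeof (DWORD));

    newACL = (PACL) new BYTE [aclSize];

    //
    // The error code is captured before any cleanup call runs, so that
    // cleanup cannot overwrite the thread's last-error value.
    //

    if (!InitializeAcl (newACL, aclSize, ACL_REVISION))
    {
        returnValue = GetLastError();
        goto Cleanup;
    }

    if (!AddAccessDeniedAce (newACL, ACL_REVISION2, PermissionMask, principalSID))
    {
        returnValue = GetLastError();
        goto Cleanup;
    }

    returnValue = CopyACL (oldACL, newACL);
    if (returnValue != ERROR_SUCCESS)
        goto Cleanup;

    //
    // Success: hand the buffer to the caller and clear the local so the
    // cleanup below does not release it.
    //

    *Acl = newACL;
    newACL = NIL;

Cleanup:

    //
    // On a failure path newACL still points at the half-built buffer;
    // release it instead of leaking it. delete[] on NIL is a no-op.
    //

    delete [] (BYTE *) newACL;

    //
    // Released with free() as in the original code.
    // NOTE(review): presumably GetPrincipalSID allocates with malloc - confirm.
    //

    free (principalSID);
    return returnValue;
}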
00122 
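/*++

Routine Description:

    Builds a new ACL that holds a copy of every ACE from the existing ACL
    followed by an access-allowed ACE for Principal, then stores the new ACL
    in *Acl. The allow ACE is appended last, so every copied ACE (including
    any deny ACE) is evaluated before it.

Arguments:

    Acl            - In: the existing ACL. Out: the newly allocated ACL.
                     Only written on success.
    PermissionMask - Access mask to grant.
    Principal      - Account name, resolved to a SID by GetPrincipalSID.

Return Value:

    ERROR_SUCCESS, or a Win32 error code. On failure *Acl is unchanged.

Notes:

    The new ACL is allocated with new BYTE[], so it has to be released with
    delete[]. The previous ACL is not released here.
    NOTE(review): who owns and frees the previous ACL is not visible in this
    file - confirm against the callers.

--*/
DWORD
AddAccessAllowedACEToACL (
    PACL *Acl,
    DWORD PermissionMask,
    LPTSTR Principal
    )
{
    ACL_SIZE_INFORMATION  aclSizeInfo;
    DWORD                 aclSize = 0;
    DWORD                 returnValue = ERROR_SUCCESS;
    PSID                  principalSID = NIL;
    PACL                  oldACL = NIL, newACL = NIL;

    oldACL = *Acl;

    returnValue = GetPrincipalSID (Principal, &principalSID);
    if (returnValue != ERROR_SUCCESS)
        return returnValue;

    //
    // A failed query leaves aclSizeInfo unwritten, and the allocation size
    // below is derived from it, so stop here rather than size from garbage.
    //

    if (!GetAclInformation (oldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation))
    {
        returnValue = GetLastError();
        goto Cleanup;
    }

    //
    // Room for the existing ACEs plus one allow ACE. sizeof (DWORD) is taken
    // off because ACCESS_ALLOWED_ACE already contains the first DWORD of the
    // SID (SidStart). The extra sizeof (ACL) is slack kept from the
    // original sizing.
    //

    aclSize = (DWORD) (aclSizeInfo.AclBytesInUse +
                       sizeof (ACL) + sizeof (ACCESS_ALLOWED_ACE) +
                       GetLengthSid (principalSID) - sizeof (DWORD));

    newACL = (PACL) new BYTE [aclSize];

    //
    // The error code is captured before any cleanup call runs, so that
    // cleanup cannot overwrite the thread's last-error value.
    //

    if (!InitializeAcl (newACL, aclSize, ACL_REVISION))
    {
        returnValue = GetLastError();
        goto Cleanup;
    }

    //
    // Existing ACEs go in first; the new grant is appended after them.
    //

    returnValue = CopyACL (oldACL, newACL);
    if (returnValue != ERROR_SUCCESS)
        goto Cleanup;

    if (!AddAccessAllowedAce (newACL, ACL_REVISION2, PermissionMask, principalSID))
    {
        returnValue = GetLastError();
        goto Cleanup;
    }

    //
    // Success: hand the buffer to the caller and clear the local so the
    // cleanup below does not release it.
    //

    *Acl = newACL;
    newACL = NIL;

Cleanup:

    //
    // On a failure path newACL still points at the half-built buffer;
    // release it instead of leaking it. delete[] on NIL is a no-op.
    //

    delete [] (BYTE *) newACL;

    //
    // Released with free() as in the original code.
    // NOTE(review): presumably GetPrincipalSID allocates with malloc - confirm.
    //

    free (principalSID);
    return returnValue;
}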
00174 
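/*++

Routine Description:

    Deletes, in place, the first access-allowed, access-denied or
    system-audit ACE in Acl whose SID equals the SID of Principal.

Arguments:

    Acl       - ACL to modify.
    Principal - Account name, resolved to a SID by GetPrincipalSID.

Return Value:

    ERROR_SUCCESS, or a Win32 error code from the first call that failed.

Notes:

    Only the FIRST matching ACE is removed. If the principal has more than
    one ACE in the list (for example both a deny and an allow entry), the
    later ones stay in effect after this call. ERROR_SUCCESS is also returned
    when no ACE matched, so the return value does not tell the caller whether
    anything was removed. ACE types other than the three above are skipped.

--*/
DWORD
RemovePrincipalFromACL (
    PACL Acl,
    LPTSTR Principal
    )
{
    ACL_SIZE_INFORMATION    aclSizeInfo;
    ULONG                   i = 0;
    LPVOID                  ace = NIL;
    PSID                    aceSID = NIL;
    PSID                    principalSID = NIL;
    DWORD                   returnValue = ERROR_SUCCESS;
    ACE_HEADER              *aceHeader = NIL;

    returnValue = GetPrincipalSID (Principal, &principalSID);
    if (returnValue != ERROR_SUCCESS)
        return returnValue;

    //
    // A failed query leaves aclSizeInfo unwritten; do not loop on an
    // uninitialized AceCount.
    //

    if (!GetAclInformation (Acl, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation))
    {
        returnValue = GetLastError();
        goto Cleanup;
    }

    for (i = 0; i < aclSizeInfo.AceCount; i++)
    {
        //
        // The error code is captured before cleanup runs so that free()
        // cannot overwrite the thread's last-error value.
        //

        if (!GetAce (Acl, i, &ace))
        {
            returnValue = GetLastError();
            goto Cleanup;
        }

        aceHeader = (ACE_HEADER *) ace;

        //
        // Locate the SID inside the ACE. Each handled type is read through
        // its own structure, as in the original code.
        //

        switch (aceHeader->AceType)
        {
        case ACCESS_ALLOWED_ACE_TYPE:
            aceSID = (PSID) &((ACCESS_ALLOWED_ACE *) ace)->SidStart;
            break;

        case ACCESS_DENIED_ACE_TYPE:
            aceSID = (PSID) &((ACCESS_DENIED_ACE *) ace)->SidStart;
            break;

        case SYSTEM_AUDIT_ACE_TYPE:
            aceSID = (PSID) &((SYSTEM_AUDIT_ACE *) ace)->SidStart;
            break;

        default:
            aceSID = NIL;
            break;
        }

        if (aceSID != NIL && EqualSid (principalSID, aceSID))
        {
            //
            // Report a failed delete instead of claiming success while the
            // ACE is still in the list.
            //

            if (!DeleteAce (Acl, i))
                returnValue = GetLastError();

            goto Cleanup;
        }
    }

Cleanup:

    //
    // Released with free() as in the original code.
    // NOTE(review): presumably GetPrincipalSID allocates with malloc - confirm.
    //

    free (principalSID);
    return returnValue;
}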
00247 
